Posted
by
timothy
on Monday September 25, 2006 @05:07PM
from the titillatin'-litigatin' dept.

An anonymous reader points out an AP story indicating that AOL hasn't seen the end of its own public embarrassment after airing some dirty laundry on behalf of its customers. Excerpted from the story: "Three AOL subscribers who suddenly found records of their Internet searches widely distributed online are suing the company under privacy laws and are seeking an end to its retention of search-related data ... The lawsuit is believed to be the first in the wake of AOL's intentional release of some 19 million search requests made over a three-month period by more than 650,000 subscribers. ... Filed Friday in U.S. District Court in Oakland, Calif., the lawsuit seeks class-action status. It does not specify the amount of damages being sought."

Even if they do win, it wont make any difference to data retention practices though. No one would ever rule against that because of potential use as evidence; especially with the push to mandated retention policies.

Each individual user, likely tracked via cookie, has a unique number that identifies all their searches. You can't tell directly who or where they are, unless their search history gives away their identity in one way or another. Some of the data in the logs can lead to very private information.

That's how a search provider like Google would do it but AOL knows which of its IPs correspond to which users so they can tie the results to the accounts which is much more accurate than cookies (which get deleted quite often or maybe even disabled completely).

My thoughts exactly, especially your second point.
AOL has been slowly going down the drain for some time now, and every action they make either contributes to thier downfall, or can (very unlikely) bring them back up again.
This was obviouslly a act contributing to thier downfall.
Not suprising, IMO.

AOL has been going down the drain since it went from a MAC only platform to one that allowed PC users. From that day, they have been all about the $$$.Let's look at their tactics:

For years, they made it nearly impossible to discontinue their service. (I know from personal experience, where only the treat of a stop check motion to get them out of my personal checking account finally got them to stop billing me for a cancelled service.)

They effectively carpet-bombed the entire U.S. and Canada with CDs of th

Since search inputs are sent over the internet as plain text, and there are often warnings generated by browsers to explain that this isn't secure, I wonder if AOL has done anything illegal and/or anything that they can be sued for in civil court? It was an error that should cost them customers, but I don't see why there should be a class-action lawsuit. They did not release the names of the people searching, and anything linking the searches to the users was a direct result of the search terms they sent

AOL, like most ISPs, has a privacy agreement, which states when and how your information may be distributed. Most call this 'personally identifying' information. That would probably include search terms, especially when grouped by a unique identifier, that would personally identify you.

How AOL obtained that information (plain text over the internet or otherwise) is not relevant - if they agreed with you that they would not share it, then they can't share it.

What I'm curious to see here is most of these agreements also force binding arbitration - if that is the case here, can you even have a class action lawsuit based on the privacy agreement?

And if not, are there any actual LAWS violated here? I don't see any legal culpability. If you tell me that you like to conduct sexual relations with farm animals, and I tell someone else that you told me that you like to conduct sexual relations with farm animals, that wouldn't be actionable. And that's basically what happened here, only in a large volume: People told AOL what they wanted to seach for, and AOL then passed that information to others.

Unfortunate, yes, but there isn't any inherent legal obligation for a 3rd party to hold information you give them in confidence (with certain specific exceptions, like healthcare workers, grand juries, etc, of which AOL is none).

searching for farm sex does not necessarily mean "you like to conduct sexual relations with farm animals." it could mean any number of things, from a poorly formulated search term, to incredulity that such practices exist.
the ambiguity of the dead letter is one of the reasons to oppose the sharing of such data.

If telling people that you told me that you like to have sexual relations with farm animals is not actionable, than certainly telling people that you asked me about information regarding sex with farm animals isn't actionable either. (Assuming, of course, that you had actually done both, if I just made it up, then depending on the circumstances it would be actionable.)

Unfortunate, yes, but there isn't any inherent legal obligation for a 3rd party to hold information you give them in confidence (with certain specific exceptions, like healthcare workers, grand juries, etc, of which AOL is none).

According to TFA, the lawsuit "alleges violations of the federal Electronic Communications Privacy Act and California consumer-protection laws."

That doesn't rule out an argument relating to whether AOL broke their own privacy policy, but it's definitely not the only thing in play he

I'm pretty sure that there is somehing in the EULA that addresses such a thing. I'm not going to read it, mind you. I assume that in the EULAs that I have read, that since personally-identifiable and non-personally-identifiable information are treated differently, that you can sue for releasing non-personally-identifiable information if the EULA states that such information will not be released.

Even if you couldn't sue for such a thing, you could make a strong case that they released personally-identifi

People were identified by the searches. There was the old woman in FL who they were able to identify based on her searches...then showed up on her door step to interview her and she kindly explained that yes those were her searches. She also was able to demonstrate quite well why obtaining search information (see feds clamoring for it) is worthless...all of the diseases and what not that would lead you to believe she is very sick or hypocondriac...turns out she was doing research for friends. Oh well...

first off, why anyone would enter their social into google. Also, isn't there a way to get an update on what is being searched in google at all times? I know this isn't quite the same thing as being identified with a number, but really, if people are entering their socials into aol search, most likely they are with google as well, and if my memory serves me right, there is some way to get an up to the minute/second listing of what the world is searching using google?

The first three digits shoud be easy to guess if we know roughly how old he is and what state he was born in. If we had that info, I'll bet we could cut x down to 3 or 4 possibilities.

Actually, the first 5 digits can be determined based upon how old he is, and which state he was born in (assuming typical issuance at birth). The first three indicate the state (though some states have multiple triplets, which are rotated.) However, the next 2 digits are not random; they are used

and if my memory serves me right, there is some way to get an up to the minute/second listing of what the world is searching using google?

If I remember a Wired interview from a couple years ago, there is a large display up in Google's headquarters that displays these results in real time. Employees are able to watch the board and track the user to see what the individual actually went to (in the article an individual was Googling for suicide help, and they were able to tell he got to a site that would help

Are there, in fact, Privacy Laws? I wasn't under the impression the US Government was particularly worked up about privacy. Certainly the EU seems to be taking a much more aggressive stance about having companies protect your data...

Besides these AOL users shouldn't get too worked up. They couldn't possibly be too concerned about what anyone thinks about them or they wouldn't be using AOL in the first place. The rest of the Internet wasn't particularly surprised at the contents of that search data -- we were all working under the assumption that everyone on AOL was searching for pictures of poo and instructions on how to murder people anyway. The data in question simply confirmed that suspicion.

> It's more about whether or not congressmen searching for 16 year old "escorts" on AOL might be discovered by their political opposition.

The AOL leaked database contains search records of 650,000 subscribers. There are 300M Americans. Statistically, one out of every 461 Americans is in the database.

At a minimum, there are several thousand present/past Congressmen/women, their spouses, and their immediate relatives. It's probable that the database contains the search records of at least one curren

But those results made for hours of good times on various forums! I can't tell you how many times I found threads where people circled the funniest entries in red, and everyone wondered who would possibly search for gorilla pr0n or Why Their Job is So Bad.
Yeah, I have no life.

not claimed by the people who did the lolita type searches? Even if was dumb enough to submit that in a search engine I certainly am not going to step up and say "Yep. Those are my searches" to claim a share. I guess the searcher could use the settlement to hire a criminal defense attorney though.

AOL's releasing of the data was a very good thing, in that it raised people's awareness of the sheer quantity and potentially embarassing nature of search-engine records. With this data being made publically availible, people can now make informed judgements regarding the tradeoff between privacy and national security (or whatever justification is used for the retition of this data).

This sort of lawsuit had to happen at some point; better soon rather than later, and, better that it come out of the incompetance of search-engine administrators rather than the abstract fears of the privacy-inclined.

This will be really interesting to watch. I mean, AOL has dirt on everyone - I can imagine it will be hard to have a court case against them when AOL can come back and say "Oh here you are searching for child porn, illegal song downloads, etc." Unless they don't have anything to be ashamed of I can see it being a very difficult case for the plaintiffs.

This will be really interesting to watch. I mean, AOL has dirt on everyone - I can imagine it will be hard to have a court case against them when AOL can come back and say "Oh here you are searching for child porn, illegal song downloads, etc." Unless they don't have anything to be ashamed of I can see it being a very difficult case for the plaintiffs.

Such low blows could very well work on a singel individual... but if applying that to a whole group of people then there's bound to be one or two that will

"Yeah, see, my name is Joe Blow and I was trying to find my sister's MySpace page. Her name is Lolita. I know she used to work at a race track so I did a search for her: Lolita Blow Job Horses. What's so wrong with that? Now give me my share of the settlement."

The justice department will file a friend of the court brief urging the judge not to impose any limitations on data retention. In fact, while a monetary penalty for releasing the information is in play, the idea that they could shorten or in anyway affect the retention of data is so contrary to the desires of people like Rumsfield and Gonzales that it will never happen.